SecTor 2025 | How Secure Is Your Base Image? A Live Security Test of Popular OSS Containers

Black Hat | May 21, 2026

Why It Matters

Containers are now the front line of software supply-chain attacks. Relying on CVE counting or slow patch cycles leaves organizations exposed to exploits that propagate faster than teams can respond, which makes proactive image hygiene and secure build pipelines essential to reduce breach risk and regulatory pressure.

Summary

John, CTO and co‑founder of Root, ran a live security assessment of three widely used open‑source container base images—all Debian variants—and demonstrated how common developer practices produce bloated, aging images that harbor serious risks beyond just CVEs. He showed how Dockerfile patterns and build choices create attack surface that standard CVE counts miss, and walked through hands‑on checks and commands to identify these issues. John also highlighted a fast‑moving CISA KEV example to illustrate the widening gap between exploit velocity (now accelerated by automation/agents) and slow, human‑paced remediation. He argues for shifting left with proactive controls, hardened golden images or secure defaults, and tooling that prevents insecure bases from reaching production.

Original Description

Most developers use container base images without fully understanding their security posture. Even widely trusted images like Alpine, Debian, Ubuntu, or Distroless are often assumed to be secure, but in practice they degrade over time as new CVEs emerge. Minimal images might reduce surface area, but they don't eliminate risk, and relying on static scans at build time is no longer enough.
This talk puts those assumptions to the test—literally.
In a live session, we'll scan the most commonly used container base images and compare audience expectations against real-time results. Which image contains the most vulnerabilities? Which ones include high or critical CVEs, even with no extra layers? And, more importantly: how can teams respond to this shifting reality without constant rebuilds and manual updates?
By: John Amaral | CTO and Co-Founder, Root.io
